### Use secret in Dockerfile build

The following code listing demonstrates how to inject a secret into a Dockerfile build. The secret is automatically mounted in the build container at `/run/secrets/SECRET-ID`.

<Tabs groupId="language" queryString="sdk">
<TabItem value="go" label="Go">

```go file=../../../cookbook/snippets/secret-dockerfile/go/main.go
```

</TabItem>
<TabItem value="python" label="Python">

```python file=../../../cookbook/snippets/secret-dockerfile/python/main.py
```

</TabItem>
<TabItem value="typescript" label="TypeScript">

```typescript file=../../../cookbook/snippets/secret-dockerfile/typescript/index.ts
```

</TabItem>
</Tabs>

The sample Dockerfile below demonstrates the process of mounting the secret using a secret filesystem mount type and using it in the Dockerfile build process:

```shell
FROM alpine:3.17
RUN apk add curl
RUN --mount=type=secret,id=gh-secret \
    curl "https://api.github.com/repos/dagger/dagger/issues" \
        --header "Accept: application/vnd.github+json" \
        --header "Authorization: Bearer $(cat /run/secrets/gh-secret)"
```

#### Dockerfile build with mounted secret

Build from a Dockerfile with a mounted secret from the host environment:

<Tabs groupId="shell">
<TabItem value="System shell">
```shell
dagger -c 'build . env://GITHUB_API_TOKEN'
```
</TabItem>
<TabItem value="Dagger Shell">
```shell title="First type 'dagger' for interactive mode."
build . env://GITHUB_API_TOKEN
```
</TabItem>
<TabItem value="Dagger CLI">
```shell
dagger call build --source=. --secret=env://GITHUB_API_TOKEN
```
</TabItem>
</Tabs>
